U.S. patent application number 17/612136 was filed with the patent office on 2022-07-21 for setting device, communication system, and vehicle communication management method.
This patent application is currently assigned to SUMITOMO ELECTRIC INDUSTRIES, LTD.. The applicant listed for this patent is AUTONETWORKS TECHNOLOGIES, LTD., SUMITOMO ELECTRIC INDUSTRIES, LTD., SUMITOMO WIRING SYSTEMS, LTD.. Invention is credited to Darmawan GO, Takeshi HAGIHARA, Yosuke SHIMIZU, Yusuke YAMAMOTO.
Application Number | 20220231997 17/612136 |
Document ID | / |
Family ID | 1000006299425 |
Filed Date | 2022-07-21 |
United States Patent
Application |
20220231997 |
Kind Code |
A1 |
YAMAMOTO; Yusuke ; et
al. |
July 21, 2022 |
SETTING DEVICE, COMMUNICATION SYSTEM, AND VEHICLE COMMUNICATION
MANAGEMENT METHOD
Abstract
A network having a new configuration is flexibly constructed
through a simple process while ensuring security in the network. A
setting device includes: an acquisition unit configured to acquire
an authentication result regarding a new function unit serving as a
function unit newly added to an in-vehicle network including one or
a plurality of function units; and a setting unit configured to,
when the authentication result acquired by the acquisition unit is
affirmative, perform a setting process for allowing the new
function unit and an existing function unit serving as a function
unit included in the in-vehicle network before the new function
unit is added thereto, to perform communication via a plurality of
relay devices capable of relaying information between the function
units, the setting process being regarding at least one of the
relay devices, the existing function unit, and the new function
unit.
Inventors: |
YAMAMOTO; Yusuke;
(Osaka-shi, JP) ; HAGIHARA; Takeshi;
(Yokkaichi-shi, JP) ; GO; Darmawan;
(Yokkaichi-shi, JP) ; SHIMIZU; Yosuke;
(Yokkaichi-shi, JP) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
SUMITOMO ELECTRIC INDUSTRIES, LTD.
SUMITOMO WIRING SYSTEMS, LTD.
AUTONETWORKS TECHNOLOGIES, LTD. |
Osaka-shi, Osaka
Yokkaichi-shi, Mie
Yokkaichi-shi, Mie |
|
JP
JP
JP |
|
|
Assignee: |
SUMITOMO ELECTRIC INDUSTRIES,
LTD.
Osaka-shi, Osaka
JP
SUMITOMO WIRING SYSTEMS, LTD.
Yokkaichi-shi, Mie
JP
AUTONETWORKS TECHNOLOGIES, LTD.
Yokkaichi-shi, Mie
JP
|
Family ID: |
1000006299425 |
Appl. No.: |
17/612136 |
Filed: |
March 10, 2020 |
PCT Filed: |
March 10, 2020 |
PCT NO: |
PCT/JP2020/010264 |
371 Date: |
November 17, 2021 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04L 67/12 20130101;
H04L 63/0428 20130101; H04L 63/08 20130101 |
International
Class: |
H04L 9/40 20060101
H04L009/40 |
Foreign Application Data
Date |
Code |
Application Number |
May 30, 2019 |
JP |
2019-101427 |
Claims
1. A setting device comprising: an acquisition unit configured to
acquire an authentication result regarding a new function unit
serving as a function unit newly added to an in-vehicle network
including one or a plurality of function units; and a setting unit
capable of, when the authentication result acquired by the
acquisition unit is affirmative, performing a setting process for
allowing the new function unit and an existing function unit
serving as a function unit included in the in-vehicle network
before the new function unit is added thereto, to perform
communication via a plurality of relay devices capable of relaying
information between the function units, the setting process being
regarding at least one of the relay devices, the existing function
unit, and the new function unit.
2. The setting device according to claim 1, further comprising a
storage unit configured to store setting information for allowing
each function unit in the in-vehicle network to perform
communication, wherein the setting unit performs the setting
process on the basis of the setting information in the storage
unit.
3. The setting device according to claim 1, wherein the setting
unit performs the setting process by using a virtual network for
transmitting, to each function unit in the in-vehicle network,
setting information for allowing each function unit to perform
communication.
4. The setting device according to claim 1, wherein the setting
unit performs, as the setting process, a process of constructing a
new virtual network for allowing the new function unit and one or a
plurality of the existing function units serving as a communication
target of the new function unit to perform communication.
5. The setting device according to claim 1, wherein when an
existing virtual network as a virtual network for allowing one or a
plurality of the existing function units serving as a communication
target of the new function unit only, to perform communication has
been constructed, the setting unit performs, as the setting
process, a setting process regarding the new function unit and the
relay device and for allowing the new function unit and the one or
the plurality of the existing function units serving as the
communication target to perform communication by using the existing
virtual network.
6. A communication system comprising: a setting device; and a new
function unit serving as a function unit newly added to an
in-vehicle network including one or a plurality of function units,
wherein the setting device acquires information transmitted from
the new function unit and capable of specifying a function unit
serving as a communication target of the new function unit, the
setting device acquires an authentication result regarding the new
function unit, when the acquired authentication result is
affirmative, the setting device transmits, to the new function
unit, setting information for allowing the function unit serving as
the communication target and the new function unit to perform
communication via a plurality of relay devices capable of relaying
information between the function units, and the new function unit
performs setting for the new function unit on the basis of the
setting information received from the setting device.
7. A vehicle communication management method to be performed in a
setting device, the vehicle communication management method
comprising the steps of: acquiring an authentication result
regarding a new function unit serving as a function unit newly
added to an in-vehicle network including one or a plurality of
function units; and performing, when the acquired authentication
result is affirmative, a setting process for allowing the new
function unit and an existing function unit serving as a function
unit included in the in-vehicle network before the new function
unit is added thereto, to perform communication via a plurality of
relay devices capable of relaying information between the function
units, the setting process being regarding at least one of the
relay devices, the existing function unit, and the new function
unit.
8. A vehicle communication management method to be performed in a
communication system that includes a setting device and a new
function unit serving as a function unit newly added to an
in-vehicle network including one or a plurality of function units,
the vehicle communication management method comprising the steps
of: acquiring, performed by the setting device, information
transmitted from the new function unit and capable of specifying a
function unit serving as a communication target of the new function
unit; acquiring, performed by the setting device, an authentication
result regarding the new function unit; transmitting to the new
function unit, performed by the setting device, when the acquired
authentication result is affirmative, setting information for
allowing the function unit serving as the communication target and
the new function unit to perform communication via a plurality of
relay devices capable of relaying information between the function
units; and performing setting for the new function unit, performed
by the new function unit, on the basis of the setting information
received from the setting device.
9. The setting device according to claim 1, wherein the setting
device is provided in the relay device serving as a function unit
included in the in-vehicle network, and in the setting process, the
setting unit generates setting information of a new network for
allowing the new function unit and the existing function unit
serving as a communication target of the new function unit to
perform communication via the plurality of relay devices,
specifies, on the basis of the generated setting information, a
function unit for which setting change in the new network is
necessary, and when setting change of another relay device is
necessary, notifies the other relay device of a setting
content.
10. The setting device according to claim 1, wherein the setting
device is provided in the relay device, and the setting unit
receives, from the new function unit, connection request
information indicating a target function unit serving as a
communication target of the new function unit, and when setting
change of another relay device is necessary for allowing the new
function unit and the target function unit indicated by the
connection request information among the existing function units,
to perform communication via the plurality of relay devices,
notifies, in the setting process, the other relay device of a
setting content.
11. The setting device according to claim 1, wherein the setting
unit transmits, to the relay device, setting information for
allowing each function unit in the in-vehicle network to perform
communication, through encrypted communication using secret
information shared in advance with the relay device.
Description
TECHNICAL FIELD
[0001] The present disclosure relates to a setting device, a
communication system, and a vehicle communication management
method.
[0002] This application claims priority on Japanese Patent
Application No. 2019-101427 filed on May 30, 2019, the entire
content of which is incorporated herein by reference.
BACKGROUND ART
[0003] PATENT LITERATURE 1 (Japanese Laid-Open Patent Publication
No. 2008-59450) discloses a vehicle information rewriting system as
below. That is, disclosed is a vehicle information rewriting system
in which: a rewriting tool functioning as a data sender is
removably connected through communication means to a vehicle
control unit that has a main controller implemented as a CPU and
that performs, on the basis of execution of predetermined software
by the main controller, a control process of electronic devices
installed in a vehicle; and a memory content of a vehicle
information storage that is provided as a nonvolatile memory on the
vehicle control unit side and that stores vehicle information
including the software is rewritten on the basis of rewriting data
transferred through the communication means from the rewriting
tool. In the vehicle information rewriting system, the rewriting
tool is provided with: operation mode switching means that sets
switching between a rewriting permitted mode in which a rewriting
operation of the memory content of the vehicle information storage
is permitted and a rewriting restricted mode in which the rewriting
operation is restricted relative to the rewriting permitted mode;
wireless polling means that, during rewriting operation with use of
the rewriting tool, and in order to detect a wireless
authentication medium that should be carried by an authorized user
of the rewriting tool, wirelessly polls the wireless authentication
medium; and mode switch ordering means that orders the operation
mode switching means to switch to the rewriting permitted mode on a
precondition of a success of detection of the wireless
authentication medium through the wireless polling.
[0004] PATENT LITERATURE 2 (Japanese Laid-Open Patent Publication
No. 2003-46536) discloses a vehicular relay device as below. That
is, provided is a vehicular relay device disposed between an
in-vehicle LAN constructed in a vehicle and a communication device
that performs data communication with an external device located
outside of the vehicle, the vehicular relay device being configured
to relay communication between the external device connected
through the communication device and various in-vehicle electronic
devices connected to the in-vehicle LAN. The vehicular relay device
includes: first identification means that identifies, upon
reception of an access request for requesting access to an
in-vehicle electronic device in the in-vehicle LAN from the
external device, an access destination in-vehicle electronic
device, and that determines, on the basis of a result of the
identification, whether or not the access request is an access
request, for requesting access to the in-vehicle electronic device,
that requires authentication of the external device; first
authentication means that determines, when the first identification
means has determined that the access request requires
authentication of the external device, whether or not the external
device is an external device for which access to the in-vehicle
electronic device has been permitted in advance, on the basis of
first authentication information transmitted from the external
device; and first delivery means that delivers, to the access
destination in-vehicle electronic device, communication data
transmitted through the communication device from the external
device, when the first authentication means has determined that the
external device that has sent the access request is an external
device for which access to the in-vehicle electronic device has
been permitted in advance, or when the first identification means
has determined that the access request does not require
authentication of the external device.
CITATION LIST
Patent Literature
[0005] PATENT LITERATURE 1: Japanese Laid-Open Patent Publication
No. 2008-59450
[0006] PATENT LITERATURE 2: Japanese Laid-Open Patent Publication
No. 2003-46536
SUMMARY OF INVENTION
[0007] A setting device of the present disclosure includes: an
acquisition unit configured to acquire an authentication result
regarding a new function unit serving as a function unit newly
added to an in-vehicle network including one or a plurality of
function units; and a setting unit capable of, when the
authentication result acquired by the acquisition unit is
affirmative, performing a setting process for allowing the new
function unit and an existing function unit serving as a function
unit included in the in-vehicle network before the new function
unit is added thereto, to perform communication via a plurality of
relay devices capable of relaying information between the function
units, the setting process being regarding at least one of the
relay devices, the existing function unit, and the new function
unit.
[0008] A communication system of the present disclosure includes: a
setting device; and a new function unit serving as a function unit
newly added to an in-vehicle network including one or a plurality
of function units. The setting device acquires information
transmitted from the new function unit and capable of specifying a
function unit serving as a communication target of the new function
unit. The setting device acquires an authentication result
regarding the new function unit. When the acquired authentication
result is affirmative, the setting device transmits, to the new
function unit, setting information for allowing the new function
unit and an existing function unit serving as a function unit
included in the in-vehicle network before the new function unit is
added thereto, to perform communication via a plurality of relay
devices capable of relaying information between the function units.
The new function unit performs setting for the new function unit on
the basis of the setting information received from the setting
device.
[0009] A vehicle communication management method according to the
present disclosure is a vehicle communication management method to
be performed in a setting device. The vehicle communication
management method includes the steps of: acquiring an
authentication result regarding a new function unit serving as a
function unit newly added to an in-vehicle network including one or
a plurality of function units; and performing, when the acquired
authentication result is affirmative, a setting process for
allowing the new function unit and an existing function unit
serving as a function unit included in the in-vehicle network
before the new function unit is added thereto, to perform
communication via a plurality of relay devices capable of relaying
information between the function units, the setting process being
regarding at least one of the relay devices, the existing function
unit, and the new function unit.
[0010] A vehicle communication management method of the present
disclosure is a vehicle communication management method to be
performed in a communication system that includes a setting device
and a new function unit serving as a function unit newly added to
an in-vehicle network including one or a plurality of function
units. The vehicle communication management method includes the
steps of: acquiring, performed by the setting device, information
transmitted from the new function unit and capable of specifying a
function unit serving as a communication target of the new function
unit; acquiring, performed by the setting device, an authentication
result regarding the new function unit; transmitting to the new
function unit, performed by the setting device, when the acquired
authentication result is affirmative, setting information for
allowing the new function unit and an existing function unit
serving as a function unit included in the in-vehicle network
before the new function unit is added thereto, to perform
communication via a plurality of relay devices capable of relaying
information between the function units; and performing setting for
the new function unit, performed by the new function unit, on the
basis of the setting information received from the setting
device.
[0011] One mode of the present disclosure can be realized as a
semiconductor integrated circuit that realizes a part or the
entirety of the setting device. One mode of the present disclosure
can be realized as a program for causing a computer to execute the
steps of the processes in the setting device.
[0012] One mode of the present disclosure can be realized as a
semiconductor integrated circuit that realizes a part or the
entirety of the communication system. One mode of the present
disclosure can be realized as a program for causing a computer to
execute the steps of the processes in the communication system.
BRIEF DESCRIPTION OF DRAWINGS
[0013] FIG. 1 shows a configuration of a communication system
according to an embodiment of the present disclosure.
[0014] FIG. 2 shows setting information in an in-vehicle network
according to the embodiment of the present disclosure.
[0015] FIG. 3 shows a configuration of a relay device according to
the embodiment of the present disclosure.
[0016] FIG. 4 shows a configuration of the communication system
according to the embodiment of the present disclosure.
[0017] FIG. 5 shows an example of a configuration of a new network
in the communication system according to the embodiment of the
present disclosure.
[0018] FIG. 6 shows an example of setting information of the new
network according to the embodiment of the present disclosure.
[0019] FIG. 7 shows another example of a configuration of a new
network in the communication system according to the embodiment of
the present disclosure.
[0020] FIG. 8 shows another example of setting information of the
new network according to the embodiment of the present
disclosure.
[0021] FIG. 9 is a flow chart describing an operation procedure
according to which the relay device constructs a new network in the
communication system according to the embodiment of the present
disclosure.
[0022] FIG. 10 shows an example of the sequence of a construction
process of a new network in the communication system according to
the embodiment of the present disclosure.
[0023] FIG. 11 shows another example of the sequence of a
construction process of a new network in the communication system
according to the embodiment of the present disclosure.
DESCRIPTION OF EMBODIMENTS
[0024] To date, in-vehicle network systems for improving security
in in-vehicle networks have been developed.
Problems to be Solved by the Present Disclosure
[0025] A technology that exceeds the technologies described in
PATENT LITERATURE 1 and 2 and that can flexibly construct a network
having a new configuration through a simple process while ensuring
security in the network is desired.
[0026] The present disclosure has been made in order to solve the
above problem. An object of the present disclosure is to provide a
setting device, a communication system, and a vehicle communication
management method that can flexibly construct a network having a
new configuration through a simple process while ensuring security
in the network.
Effects of the Present Disclosure
[0027] According to the present disclosure, a network having a new
configuration can be flexibly constructed through a simple process
while ensuring security in the network.
DESCRIPTION OF EMBODIMENT OF THE PRESENT DISCLOSURE
[0028] First, the contents of an embodiment of the present
disclosure are listed and described.
[0029] (1) A setting device according to an embodiment of the
present disclosure includes: an acquisition unit configured to
acquire an authentication result regarding a new function unit
serving as a function unit newly added to an in-vehicle network
including one or a plurality of function units; and a setting unit
capable of, when the authentication result acquired by the
acquisition unit is affirmative, performing a setting process for
allowing the new function unit and an existing function unit
serving as a function unit included in the in-vehicle network
before the new function unit is added thereto, to perform
communication via a plurality of relay devices capable of relaying
information between the function units, the setting process being
regarding at least one of the relay devices, the existing function
unit, and the new function unit.
[0030] As described above, when the authentication result regarding
the new function unit is affirmative, the setting device performs
the setting process for allowing the existing function unit and the
new function unit to perform communication via the plurality of
relay devices, the setting process being regarding at least one of
the relay devices, the existing function unit, and the new function
unit. Due to this configuration, for example, when a network for
allowing the existing function unit and the new function unit to
perform communication via the plurality of relay devices is to be
constructed, the authentication process and the like regarding the
new function unit by the relay device, which is a part of devices
in the in-vehicle network, can be omitted. Therefore, a network
having a new configuration can be flexibly constructed through a
simple process while ensuring security in the network.
[0031] (2) Preferably, the setting device further includes a
storage unit configured to store setting information for allowing
each function unit in the in-vehicle network to perform
communication, and the setting unit performs the setting process on
the basis of the setting information in the storage unit.
[0032] Due to this configuration, when a new in-vehicle network
including a new function unit is to be constructed while the
storage unit retains the setting information of the in-vehicle
network whose network configuration is basically fixed, setting
information of the new in-vehicle network is generated by using the
setting information of the existing in-vehicle network acquired
from the storage unit. Therefore, the construction process of the
new in-vehicle network can be simplified.
[0033] (3) Preferably, the setting unit performs the setting
process by using a virtual network for transmitting, to each
function unit in the in-vehicle network, setting information for
allowing each function unit to perform communication.
[0034] Due to this configuration, the setting information can be
transmitted to each function unit in the in-vehicle network from
the setting device by using the virtual network. Therefore, the
setting process regarding each function unit can be simplified.
[0035] (4) Preferably, the setting unit performs, as the setting
process, a process of constructing a new virtual network for
allowing the new function unit and one or a plurality of the
existing function units serving as a communication target of the
new function unit to perform communication.
[0036] Due to this configuration, it is possible to suppress
adverse influence, such as an unauthorized access, that is
associated with addition of a new function unit to the in-vehicle
network, on an existing function unit that is not the communication
target of the new function unit.
[0037] (5) Preferably, when an existing virtual network as a
virtual network for allowing one or a plurality of the existing
function units serving as a communication target of the new
function unit only, to perform communication has been constructed,
the setting unit performs, as the setting process, a setting
process regarding the new function unit and the relay device and
for allowing the new function unit and the one or the plurality of
the existing function units serving as the communication target to
perform communication by using the existing virtual network.
[0038] Due to this configuration, since the setting process
regarding the addition of the new function unit to the existing
virtual network is performed, the construction process of a new
network for allowing only the new function unit and the existing
function unit serving as the communication target to perform
communication is not necessary.
[0039] (6) A communication system according to the embodiment the
present disclosure includes: a setting device; and a new function
unit serving as a function unit newly added to an in-vehicle
network including one or a plurality of function units. The setting
device acquires information transmitted from the new function unit
and capable of specifying a function unit serving as a
communication target of the new function unit. The setting device
acquires an authentication result regarding the new function unit.
When the acquired authentication result is affirmative, the setting
device transmits, to the new function unit, setting information for
allowing the function unit serving as the communication target and
the new function unit to perform communication via a plurality of
relay devices capable of relaying information between the function
units. The new function unit performs setting for the new function
unit on the basis of the setting information received from the
setting device.
[0040] As described above, when the authentication result regarding
the new function unit is affirmative, the setting device transmits,
to the new function unit, setting information for allowing the
existing function unit serving as the communication target and the
new function unit to perform communication via the plurality of
relay devices. Due to this configuration, for example, when a
network for allowing the existing function unit and the new
function unit to perform communication via the plurality of relay
devices is to be constructed, the authentication process and the
like regarding the new function unit by the relay device, which is
a part of devices in the in-vehicle network, can be omitted.
Therefore, a network having a new configuration can be flexibly
constructed through a simple process while ensuring security in the
network.
[0041] (7) A vehicle communication management method according to
the embodiment of the present disclosure is performed in a setting
device. The vehicle communication management method includes the
steps of: acquiring an authentication result regarding a new
function unit serving as a function unit newly added to an
in-vehicle network including one or a plurality of function units;
and performing, when the acquired authentication result is
affirmative, a setting process for allowing the new function unit
and an existing function unit serving as a function unit included
in the in-vehicle network before the new function unit is added
thereto, to perform communication via a plurality of relay devices
capable of relaying information between the function units, the
setting process being regarding at least one of the relay devices,
the existing function unit, and the new function unit.
[0042] As described above, when the authentication result regarding
the new function unit is affirmative, the setting device performs
the setting process for allowing the existing function unit and the
new function unit to perform communication via the plurality of
relay devices, the setting process being regarding at least one of
the relay devices, the existing function unit, and the new function
unit. Due to this method, for example, when a network for allowing
the existing function unit and the new function unit to perform
communication via the plurality of relay devices is to be
constructed, the authentication process and the like regarding the
new function unit by the relay device, which is a part of devices
in the in-vehicle network, can be omitted. Therefore, a network
having a new configuration can be flexibly constructed through a
simple process while ensuring security in the network.
[0043] (8) A vehicle communication management method according to
the embodiment of the present disclosure is performed in a
communication system that includes a setting device and a new
function unit serving as a function unit newly added to an
in-vehicle network including one or a plurality of function units.
The vehicle communication management method includes the steps of:
acquiring, performed by the setting device, information transmitted
from the new function unit and capable of specifying a function
unit serving as a communication target of the new function unit;
acquiring, performed by the setting device, an authentication
result regarding the new function unit; transmitting to the new
function unit, performed by the setting device, when the acquired
authentication result is affirmative, setting information for
allowing the function unit serving as the communication target and
the new function unit to perform communication via a plurality of
relay devices capable of relaying information between the function
units; and performing setting for the new function unit, performed
by the new function unit, on the basis of the setting information
received from the setting device.
[0044] As described above, when the authentication result regarding
the new function unit is affirmative, the setting device transmits,
to the new function unit, setting information for allowing the
existing function unit serving as the communication target and the
new function unit to perform communication via the plurality of
relay devices. Due to this method, for example, when a network for
allowing the existing function unit and the new function unit to
perform communication via the plurality of relay devices is to be
constructed, the authentication process and the like regarding the
new function unit by the relay device, which is a part of devices
of the in-vehicle network, can be omitted. Therefore, a network
having a new configuration can be flexibly constructed through a
simple process while ensuring security in the network.
[0045] Hereinafter, an embodiment of the present disclosure will be
described with reference to the drawings. In the drawings, the same
or corresponding parts are denoted by the same reference signs, and
description thereof is not repeated. At least some of embodiments
described below may be combined as desired.
[0046] [Communication System]
[0047] FIG. 1 shows a configuration of a communication system
according to an embodiment of the present disclosure.
[0048] With reference to FIG. 1, a communication system 300
includes: one or a plurality of in-vehicle ECUs (Electronic Control
Units) 111; a plurality of relay devices 100; and a server 200.
[0049] More specifically, the communication system 300 includes
in-vehicle ECUs 111A to 111D as the in-vehicle ECUs 111; and a
relay device 100A and a relay device 100B as the relay devices 100.
The relay device 100A is an example of a setting device.
[0050] Each in-vehicle ECU 111 is, for example, a TCU (Telematics
Communication Unit), an automated driving ECU, an engine ECU, a
sensor, a navigation device, a human machine interface, a camera,
or the like. The TCU performs communication with a device outside
the vehicle, e.g., the server 200, via a wireless base station or
the like (not shown).
[0051] Each relay device 100 is a gateway device, for example, and
can relay information between a plurality of in-vehicle ECUs 111
connected to the relay device 100. More specifically, the relay
device 100 can perform a relay process according to a layer 2, and
a layer 3, which is of a higher order than the layer 2, for
example.
[0052] Each in-vehicle ECU 111 is an example of a function unit in
an in-vehicle network 12. The in-vehicle ECUs 111 and the relay
devices 100 form the in-vehicle network 12.
[0053] The configuration of the communication system 300 is not
limited to a configuration that includes four in-vehicle ECUs 111,
but may be a configuration that includes one, two, three, five, or
more in-vehicle ECUs 111. The configuration of the communication
system 300 is not limited to a configuration that includes two
relay devices 100, and may be a configuration that includes three
or more relay devices 100.
[0054] The connection relationship between the function units in
the in-vehicle network 12 of the vehicle is fixed, for example.
[0055] In the in-vehicle network 12, the in-vehicle ECU 111 is
connected to the relay device 100 via an Ethernet (registered
trademark) cable 11, for example.
[0056] More specifically, the relay device 100A includes
communication ports 1A, 2A, 3A, 4A. The relay device 100B includes
communication ports 1B, 2B, 3B, 4B. The communication ports 1A, 2A,
3A, 4A, 1B, 2B, 3B, 4B are each a terminal to which an Ethernet
cable 11 can be connected, for example.
[0057] The in-vehicle ECU 111A is connected via an Ethernet cable
11 to the communication port 2A in the relay device 100A.
[0058] The in-vehicle ECU 111B is connected via an Ethernet cable
11 to the communication port 3A in the relay device 100A.
[0059] The in-vehicle ECU 111C is connected via an Ethernet cable
11 to the communication port 2B in the relay device 100B.
[0060] The in-vehicle ECU 111D is connected via an Ethernet cable
11 to the communication port 3B in the relay device 100B.
[0061] The communication port 4A in the relay device 100A and the
communication port 1B in the relay device 100B are connected to
each other via an Ethernet cable 11.
[0062] The relay device 100 performs a relay process of an Ethernet
frame in accordance with an Ethernet communication standard.
Specifically, the relay device 100 relays an Ethernet frame that is
communicated between in-vehicle ECUs 111, for example. An IP packet
is stored in the Ethernet frame.
[0063] The configuration of the communication system 300 is not
limited to a configuration in which relay of the Ethernet frame is
performed in accordance with the Ethernet communication standard,
and may be a configuration in which relay of data is performed in
accordance with a communication standard such as CAN (Controller
Area Network) (registered trademark), FlexRay (registered
trademark), MOST (Media Oriented Systems Transport) (registered
trademark), or LIN (Local Interconnect Network), for example.
[0064] In the in-vehicle network 12, one or a plurality of virtual
networks are constructed. Specifically, the in-vehicle ECU 111A and
the in-vehicle ECU 111C belong to a VLAN (Virtual Local Area
Network) 10, and the in-vehicle ECU 111B and the in-vehicle ECU
111D belong to a VLAN 20 different from the VLAN 10.
[0065] FIG. 2 shows setting information of the in-vehicle network
according to the embodiment of the present disclosure.
[0066] In the following, for convenience, the port numbers of the
communication ports 1A, 2A, 3A, 4A of the relay device 100A are
defined as "1", "2", "3", "4", respectively, and the port numbers
of the communication ports 1B, 2B, 3B, 4B of the relay device 100B
are defined as "1", "2", "3", "4", respectively. Each in-vehicle
ECU 111 includes one communication port, and the port number of the
communication port is defined as "1".
[0067] With reference to FIG. 2, the ID of the VLAN corresponding
to the communication port 2A of the relay device 100A is "VLAN 10",
the ID of the VLAN corresponding to the communication port 3A of
the relay device 100A is "VLAN 20", and the ID of the VLAN
corresponding to the communication port 4A of the relay device 100A
is "VLAN 10" and "VLAN 20".
[0068] The ID of the VLAN corresponding to the communication port
1B of the relay device 100B is "VLAN 10" and "VLAN 20", the ID of
the VLAN corresponding to the communication port 2B of the relay
device 100B is "VLAN 10", and the ID of the VLAN corresponding to
the communication port 3B of the relay device 100B is "VLAN"
20.
[0069] The ID of the VLAN corresponding to the communication port 1
of each of the in-vehicle ECUs 111A, 111C is "VLAN 10", and the ID
of the VLAN corresponding to the communication port 1 of each of
the in-vehicle ECUs 111B, 111D is "VLAN 20".
[0070] Each relay device 100 performs a relay process of an
Ethernet frame between in-vehicle ECUs 111 that belong to the same
VLAN, for example. Specifically, on the basis of the transmission
source MAC (Media Access Control) address and the transmission
destination MAC address included in a received Ethernet frame, the
relay device 100 transmits the Ethernet frame to a transmission
destination in-vehicle ECU 111 that belongs to the same VLAN as
that of the transmission source.
[0071] In addition, the relay device 100 performs a relay process
of an IP packet between in-vehicle ECUs 111 that belong to
different VLANs, for example. Specifically, the relay device 100
acquires an IP packet from a received Ethernet frame, and on the
basis of the transmission destination IP address of the acquired IP
packet, the relay device 100 transmits the IP packet to a
transmission destination in-vehicle ECU 111 that belongs to a VLAN
different from that of the transmission source.
[0072] [Relay Device]
[0073] FIG. 3 shows a configuration of the relay device according
to the embodiment of the present disclosure. FIG. 3 shows a
configuration of the relay device 100A shown in FIG. 1.
[0074] With reference to FIG. 3, the relay device 100A includes a
relay processing unit 110, a detection unit 120, an authentication
result acquisition unit 130, an authentication unit 140, a setting
unit 150, and a storage unit 160. The storage unit 160 is a flash
memory, for example. The relay processing unit 110, the detection
unit 120, the authentication result acquisition unit 130, the
authentication unit 140, and the setting unit 150 are each realized
by a processor such as a CPU (Central Processing Unit) or a DSP
(Digital Signal Processor), for example.
[0075] The relay processing unit 110 performs a relay process of an
Ethernet frame between in-vehicle ECUs 111.
[0076] More specifically, when the relay processing unit 110 has
received an Ethernet frame from an in-vehicle ECU 111 or the relay
device 100B via a corresponding Ethernet cable 11, the relay
processing unit 110 transmits the received Ethernet frame to the
transmission destination in-vehicle ECU 111 or the relay device
100B via a corresponding Ethernet cable 11.
[0077] In addition, when the relay processing unit 110 has
received, from a new function unit newly added to the in-vehicle
network 12, an Ethernet frame addressed to the relay device 100 to
which the relay processing unit 110 belongs, the relay processing
unit 110 outputs the received Ethernet frame to the detection unit
120.
[0078] [Detection Unit]
[0079] The detection unit 120 detects a new function unit newly
added to the in-vehicle network 12.
[0080] FIG. 4 shows a configuration of the communication system
according to the embodiment of the present disclosure. FIG. 4 shows
a configuration of the in-vehicle network 12 obtained by newly
adding an in-vehicle ECU 111E to the in-vehicle network 12 shown in
FIG. 1.
[0081] With reference to FIG. 4, the in-vehicle ECU 111E is
connected via an Ethernet cable 11 to the communication port 1A in
the relay device 100A.
[0082] The in-vehicle ECU 111E is an example of a new function
unit, which is a function unit newly added to the in-vehicle
network 12.
[0083] Hereinafter, the in-vehicle network 12 including a new
function unit is also referred to as a new network, the in-vehicle
network 12 before the new function unit is added thereto is also
referred to as an existing network, and each function unit included
in the existing network is also referred to as an existing function
unit.
[0084] The in-vehicle ECU 111E communicates an Ethernet frame with
a function unit serving as a communication target. Hereinafter, the
function unit serving as a communication target of a new function
unit is also referred to as a target function unit.
[0085] When the in-vehicle ECU 111E has been connected via an
Ethernet cable 11 to the relay device 100A, the in-vehicle ECU 111E
transmits, to the relay device 100A, information capable of
specifying an in-vehicle ECU 111 serving as the communication
target of the in-vehicle ECU 111E.
[0086] More specifically, when the in-vehicle ECU 111E has been
connected via an Ethernet cable 11 to the communication port 1A in
the relay device 100A, the in-vehicle ECU 111E generates connection
request information including the ID, e.g., MAC address, of the
in-vehicle ECU 111C serving as the communication target of the
in-vehicle ECU 111E.
[0087] Then, the in-vehicle ECU 111E generates an Ethernet frame
that includes the generated connection request information, the ID
of the in-vehicle ECU 111E, an authentication password as secret
information, and the MAC address of the relay device 100A as the
transmission destination MAC address, and transmits the generated
Ethernet frame to the relay device 100A.
[0088] Upon receiving via the relay processing unit 110 the
Ethernet frame from the in-vehicle ECU 111E, the detection unit 120
in the relay device 100A acquires the connection request
information, the ID of the in-vehicle ECU 111E, and the
authentication password from the received Ethernet frame, thereby
detecting the addition of the in-vehicle ECU 111E to the in-vehicle
network 12.
[0089] The detection unit 120 outputs the connection request
information, the ID of the in-vehicle ECU 111E, and the
authentication password that have been acquired, to the
authentication result acquisition unit 130.
[0090] [Authentication Result Acquisition Unit]
[0091] The authentication result acquisition unit 130 is an example
of an acquisition unit that acquires the authentication result
regarding the in-vehicle ECU 111E serving as a new function unit
that has been newly added to the in-vehicle network 12.
[0092] For example, upon receiving the connection request
information, the ID of the in-vehicle ECU 111E, and the
authentication password from the detection unit 120, the
authentication result acquisition unit 130 outputs the connection
request information, the ID of the new function unit, and the
authentication password that have been received, to the
authentication unit 140.
[0093] Upon receiving the connection request information, the ID of
the in-vehicle ECU 111E, and the authentication password from the
authentication result acquisition unit 130, the authentication unit
140 performs an authentication process regarding the in-vehicle ECU
111E, by using the connection request information, the ID of the
in-vehicle ECU 111E, and the authentication password that have been
received.
[0094] As a result of the authentication process, when the
authentication unit 140 has determined that the in-vehicle ECU 111E
is not an authentic communication counterpart with the target
function unit, the authentication unit 140 outputs, to the
authentication result acquisition unit 130, authentication
information indicating a negative authentication result as the
authentication result regarding the in-vehicle ECU 111E.
[0095] Upon receiving the authentication information indicating the
negative authentication result from the authentication unit 140,
the authentication result acquisition unit 130 generates an
Ethernet frame that includes connection non-permitting information
indicating that the connection is not permitted, and the MAC
address of the in-vehicle ECU 111E as the transmission destination
MAC address, and transmits the generated Ethernet frame to the
in-vehicle ECU 111E via the relay processing unit 110.
[0096] Meanwhile, as a result of the authentication process, when
the authentication unit 140 has confirmed that the in-vehicle ECU
111E is an authentic communication counterpart with the target
function unit indicated by the connection request information, the
authentication unit 140 outputs, to the authentication result
acquisition unit 130, authentication information indicating an
affirmative authentication result as the authentication result
regarding the in-vehicle ECU 111E.
[0097] Upon receiving the authentication information indicating the
affirmative authentication result from the authentication unit 140,
the authentication result acquisition unit 130 outputs, to the
setting unit 150, the connection request information and the ID of
the in-vehicle ECU 111E that have been received from the detection
unit 120.
[0098] [Setting Unit]
[0099] When the authentication result acquired by the
authentication result acquisition unit 130 is affirmative, the
setting unit 150 can perform a setting process for allowing an
existing function unit and the in-vehicle ECU 111E to perform
communication via the relay devices 100A, 100B, the setting process
being regarding at least one of the function units and the relay
devices 100A, 100B.
[0100] Specifically, when the authentication result acquired by the
authentication result acquisition unit 130 is affirmative, the
setting unit 150 performs the setting process for allowing the
existing function unit and the in-vehicle ECU 111E to perform
communication via the relay device 100A and the relay device 100B,
the setting process being regarding each function unit.
[0101] More specifically, upon receiving the connection request
information and the ID of the in-vehicle ECU 111E from the
authentication result acquisition unit 130, the setting unit 150
generates, on the basis of the connection request information and
the ID of the in-vehicle ECU 111E that have been received, setting
information of a new network for allowing the target function unit
indicated by the connection request information and the in-vehicle
ECU 111E to perform communication via the relay device 100A,
100B.
[0102] For example, the storage unit 160 stores therein setting
information of the in-vehicle network 12 whose connection
relationship between function units is fixed as described
above.
[0103] More specifically, the storage unit 160 stores setting
information for allowing each existing function unit to perform
communication in the existing network. Specifically, the storage
unit 160 stores the setting information shown in FIG. 2 as the
setting information of the existing network.
[0104] The setting unit 150 performs the setting process on the
basis of the setting information in the storage unit 160.
[0105] More specifically, the setting unit 150 generates setting
information of a new network on the basis of the setting
information of the existing network in the storage unit 160 and the
connection request information received from the authentication
result acquisition unit 130.
[0106] The setting unit 150 updates the existing setting
information in the storage unit 160 to the generated new setting
information.
[0107] Then, on the basis of the setting information after the
update in the storage unit 160, the setting unit 150 specifies a
function unit for which setting change in the new network is
necessary, and the setting unit 150 notifies the specified function
unit and the in-vehicle ECU 111E of the setting content.
Setting Process Example 1
[0108] For example, as the setting process, the setting unit 150
performs a process of constructing a new virtual network for
allowing the in-vehicle ECU 111E and one or a plurality of target
function units to perform communication.
[0109] In the following, a case where the in-vehicle ECU 111E
serving as a new function unit is added to the in-vehicle network
12 as shown in FIG. 4 and the target function unit indicated by the
connection request information transmitted from the in-vehicle ECU
111E is the in-vehicle ECU 111C, is assumed.
[0110] When the setting unit 150 has received, from the
authentication result acquisition unit 130, connection request
information indicating that the target function unit is the
in-vehicle ECU 111C, the setting unit 150 generates setting
information of a new network including a new virtual network for
allowing only the in-vehicle ECU 111E and the in-vehicle ECU 111C
to perform communication.
[0111] Specifically, the setting unit 150 generates setting
information of a new network including a new VLAN 30 for allowing
only the in-vehicle ECU 111E and the in-vehicle ECU 111C to perform
communication.
[0112] FIG. 5 shows an example of a configuration of a new network
in the communication system according to the embodiment of the
present disclosure.
[0113] FIG. 6 shows an example of setting information of the new
network according to the embodiment of the present disclosure.
[0114] With reference to in FIG. 6, as the setting information of
the new network, the setting unit 150 generates new setting
information in which: in the setting information of the existing
network shown in FIG. 2, "VLAN 30" is added as the ID of the VLAN
that corresponds to the communication ports 1A, 4A of the relay
device 100A; "VLAN 30" is added as the ID of the VLAN that
corresponds to the communication ports 1B, 2B of the relay device
100B; and "VLAN 30" is added as the ID of the VLAN that corresponds
to the communication port 1 of each of the in-vehicle ECUs 111C,
111E.
[0115] The setting unit 150 updates the existing setting
information in the storage unit 160 to the generated new setting
information.
[0116] On the basis of the setting information after the update in
the storage unit 160, the setting unit 150 notifies the relay
device 100B, the in-vehicle ECU 111C, and the in-vehicle ECU 111E,
which are the function units for which setting change in the new
network is necessary, of the setting content.
[0117] For example, it is assumed that, in the in-vehicle network
12, a virtual network, e.g., VLAN 50, in which setting information
for allowing each function unit to perform communication is
communicated between the function units, has been constructed. The
setting unit 150 performs the setting process by using the VLAN
50.
[0118] More specifically, the setting unit 150 generates an
Ethernet frame including setting information of the new network,
and transmits the generated Ethernet frame to the relay device 100B
and the in-vehicle ECUs 111C, 111E via the relay processing unit
110 by using the VLAN 50.
[0119] For example, the relay devices 100A, 100B transmit the
Ethernet frame including the setting information, by using an
encryption scheme based on secret information shared in
advance.
[0120] The in-vehicle ECU 111E, the in-vehicle ECU 111C, and the
relay device 100B perform setting change in accordance with the
setting information included in the Ethernet frame received via the
relay processing unit 110 from the setting unit 150.
[0121] Specifically, the in-vehicle ECU 111E adds "VLAN 30" as the
VLAN that corresponds to communication port 1 of the in-vehicle ECU
111E, in accordance with the setting information included in the
received Ethernet frame.
[0122] The in-vehicle ECU 111C adds "VLAN 30" as the VLAN that
corresponds to the communication port 1 of the in-vehicle ECU 111C,
in accordance with the setting information included in the received
Ethernet frame.
[0123] The setting unit 150 adds "VLAN 30" as the VLAN that
corresponds to the communication ports 1A, 4A of the relay device
100A.
[0124] The relay device 100B adds "VLAN 30" as the VLAN that
corresponds to the communication ports 1B, 2B, in accordance with
the setting information included in the received Ethernet
frame.
[0125] In this manner, in the communication system 300, when a new
VLAN 30 for allowing the in-vehicle ECU 111E and the in-vehicle ECU
111C to perform communication is to be constructed, the
authentication process regarding the in-vehicle ECU 111E by the
relay device 100B is not necessary. That is, without performing the
authentication process regarding the in-vehicle ECU 111E, the relay
device 100B can perform setting change in accordance with the
setting information received from the setting unit 150.
[0126] [Setting process example 2] For example, when an existing
virtual network as a virtual network for allowing one or a
plurality of target function units only, to perform communication
has been constructed, the setting unit 150 performs, as the setting
process, a setting process regarding the in-vehicle ECU 111E and
the relay device 100A and for allowing the in-vehicle ECU 111E and
the target function units to perform communication by using the
existing virtual network.
[0127] In the following, a case where the in-vehicle ECU 111E
serving as a new function unit is added to the in-vehicle network
12 as shown in FIG. 4 and the target function unit indicated by the
connection request information transmitted from the in-vehicle ECU
111E is the in-vehicle ECU 111A and the in-vehicle ECU 111C, is
assumed.
[0128] When the setting unit 150 has received from the
authentication result acquisition unit 130, connection request
information indicating that the target function unit is the
in-vehicle ECUs 111A, 111C, the setting unit 150 generates setting
information of a new network including a virtual network for
allowing the in-vehicle ECU 111E and the in-vehicle ECUs 111A, 111C
to perform communication.
[0129] Specifically, when the setting unit 150 has confirmed, with
reference to the setting information in the storage unit 160, that
the VLAN 10 for allowing only the in-vehicle ECU 111A and the
in-vehicle ECU 111C to perform communication is included in the
existing network, the setting unit 150 generates setting
information of a new network for allowing the in-vehicle ECU 111E
and the in-vehicle ECUs 111A, 111C to perform communication by
using the VLAN 10.
[0130] FIG. 7 shows another example of a configuration of a new
network in the communication system according to the embodiment of
the present disclosure.
[0131] FIG. 8 shows another example of setting information of the
new network according to the embodiment of the present
disclosure.
[0132] With reference to FIG. 8, as the setting information of the
new network, the setting unit 150 generates new setting information
in which: in the setting information of the existing network shown
in FIG. 2, "VLAN 10" is added as the ID of the VLAN that
corresponds to the communication port 1A of the relay device 100A;
and "VLAN 10" is added as the ID of the VLAN that corresponds to
the communication port 1 of the in-vehicle ECU 111E serving as the
new function unit.
[0133] The setting unit 150 updates the existing setting
information in the storage unit 160 to the generated new setting
information.
[0134] On the basis of the setting information after the update in
the storage unit 160, the setting unit 150 notifies the in-vehicle
ECU 111E, which is the function unit for which setting change in
the new network is necessary, of the setting content.
[0135] More specifically, the setting unit 150 generates an
Ethernet frame including the setting information, and transmits the
generated Ethernet frame to the in-vehicle ECU 111E via the relay
processing unit 110 by using the VLAN 50 described above.
[0136] The in-vehicle ECU 111E performs setting change in
accordance with the setting information included in the Ethernet
frame received via the relay processing unit 110 from the setting
unit 150.
[0137] Specifically, the in-vehicle ECU 111E adds "VLAN 10" as the
VLAN that corresponds to the communication port 1 of the in-vehicle
ECU 111E, in accordance with the setting information included in
the received Ethernet frame.
[0138] The setting unit 150 adds "VLAN 10" as the VLAN that
corresponds to the communication port 1A of the relay device
100A.
[0139] As described above, in the communication system 300, when a
new VLAN 30 for allowing the in-vehicle ECU 111E and the in-vehicle
ECU 111C to perform communication is to be constructed, the
authentication process regarding the in-vehicle ECU 111E by the
relay device 100B is not necessary.
[0140] [Operation Flow]
[0141] Each device in the communication system according to the
embodiment of the present disclosure includes a computer that
includes a memory. An arithmetic processing unit such as a CPU in
the computer reads out, from the memory, a program including a part
or all of steps in the flow chart and sequence shown below, and
executes the program. Programs of the plurality of devices can each
be installed from outside. The programs of the plurality of devices
are each distributed in a state of being stored in a storage
medium.
[0142] FIG. 9 is a flow chart describing an operation procedure
according to which the relay device constructs a new network in the
communication system according to the embodiment of the present
disclosure.
[0143] With reference to FIG. 9, first, the relay device 100A waits
for addition of a new function unit to the in-vehicle network 12
(NO in step S102), and upon detection of addition of a new function
unit to the in-vehicle network 12 (YES in step S102), the relay
device 100A performs an authentication process regarding the
detected new function unit (step S104).
[0144] Next, when the authentication result is negative (NO in step
S106), the relay device 100A transmits, to the new function unit,
connection non-permitting information indicating that the
connection is not permitted (step S108).
[0145] Next, the relay device 100A waits for new addition of a new
function unit to the in-vehicle network 12 (NO in step S102).
[0146] Meanwhile, when the authentication result is affirmative
(YES in step S106), the relay device 100A generates setting
information of a new network for allowing the relay device 100B and
the target function unit, and the new function unit to perform
communication (step S110).
[0147] Next, on the basis of the generated setting information, the
relay device 100A specifies a function unit for which setting
change in the new network is necessary, and transmits the setting
information to the specified function unit and the in-vehicle ECU
111E (step S112).
[0148] Next, the relay device 100A waits for new addition of a new
function unit to the in-vehicle network 12 (NO in step S102).
[0149] FIG. 10 shows an example of the sequence of a construction
process of a new network in the communication system according to
the embodiment of the present disclosure. FIG. 10 shows an example
of the sequence of a construction process of the new network as
shown in FIG. 5.
[0150] With reference to FIG. 10, first, in the existing in-vehicle
network 12, the in-vehicle ECU 111A and the in-vehicle ECU 111C
belong to the same VLAN 10, and are performing communication with
each other via the relay devices 100A, 100B by using the VLAN 10
(step S202).
[0151] Next, when the in-vehicle ECU 111E serving as the new
function unit newly added to the in-vehicle network 12 has been
connected to the relay device 100A, the in-vehicle ECU 111E
transmits, to the relay device 100A, connection request information
including information capable of specifying the in-vehicle ECU 111C
serving as the communication target of the in-vehicle ECU 111E
(step S204).
[0152] Next, upon receiving the connection request information from
the in-vehicle ECU 111E, the relay device 100A detects the
in-vehicle ECU 111E, and performs an authentication process
regarding the in-vehicle ECU 111E (step S206).
[0153] Next, when the authentication result is affirmative, the
relay device 100A generates setting information of a new network
for allowing the relay device 100B and the in-vehicle ECU 111C, and
the in-vehicle ECU 111E to perform communication by using the VLNA
30. Specifically, the setting information as shown in FIG. 6 is
generated (step S208).
[0154] Next, the relay device 100A transmits the generated setting
information to the relay device 100B, the in-vehicle ECU 111C, and
the in-vehicle ECU 111E, which are the function units for which
setting change in the new network is necessary (step S210).
[0155] Next, the relay device 100A performs setting change on the
basis of the generated setting information (step S212).
[0156] The in-vehicle ECU 111E performs setting change in
accordance with the setting information received from the relay
device 100A (step S214).
[0157] The relay device 100B performs setting change in accordance
with the setting information received from the relay device 100A
(step S216).
[0158] The in-vehicle ECU 111C performs setting change in
accordance with the setting information received from the relay
device 100A (step S218).
[0159] Next, in the new network 12, the in-vehicle ECU 111A and the
in-vehicle ECU 111C perform communication with each other via the
relay devices 100A, 100B by using the VLAN 10 (step S220).
[0160] In the new network 12, the in-vehicle ECU 111E and the
in-vehicle ECU 111C perform communication with each other via the
relay devices 100A, 100B by using the newly generated VLAN 30 (step
S222).
[0161] FIG. 11 shows another example of the sequence of a
construction process of a new network in the communication system
according to the embodiment of the present disclosure. FIG. 11
shows an example of the sequence of a construction process of the
new network as shown in FIG. 7.
[0162] With reference to FIG. 11, first, in the existing in-vehicle
network 12, the in-vehicle ECU 111A and the in-vehicle ECU 111C
belong to the same VLAN 10, and are performing communication with
each other via the relay devices 100A, 100B by using the VLAN 10
(step S302).
[0163] Next, when the in-vehicle ECU 111E serving as the new
function unit newly added to the in-vehicle network 12 has been
connected to the relay device 100A, the in-vehicle ECU 111E
transmits, to the relay device 100A, connection request information
including information capable of specifying the in-vehicle ECUs
111A, 111C serving as the communication target of the in-vehicle
ECU 111E (step S304).
[0164] Next, upon receiving the connection request information from
the in-vehicle ECU 111E, the relay device 100A detects the
in-vehicle ECU 111E and performs an authentication process
regarding the in-vehicle ECU 111E (step S306).
[0165] Next, when the authentication result is affirmative, the
relay device 100A generates setting information of a new network
for allowing the relay device 100B and the in-vehicle ECUs 111A,
111C, and the in-vehicle ECU 111E to perform communication by using
the VLNA 10. Specifically, the setting information as shown in FIG.
8 is generated (step S308).
[0166] Next, the relay device 100A transmits the generated setting
information to the in-vehicle ECU 111E, which is the function unit
for which setting change in the new network is necessary (step
S310).
[0167] Next, the relay device 100A performs setting change on the
basis of the generated setting information (step S312).
[0168] The in-vehicle ECU 111E performs setting change in
accordance with the setting information received from the relay
device 100A (step S314).
[0169] Next, in the new network 12, the in-vehicle ECU 111A, the
in-vehicle ECU 111C, and the in-vehicle ECU 111E perform
communication with each other via the relay devices 100A, 100B by
using the VLAN 10 (step S316).
[0170] In the communication system 300 according to the embodiment
of the present disclosure, out of the two relay devices 100, the
relay device 100A, to which the in-vehicle ECU 111E serving as the
new function unit is connected, performs, as the setting device,
the acquisition of the authentication result regarding the
in-vehicle ECU 111E and the setting process. However, the present
disclosure is not limited thereto. Out of the two relay devices
100, the relay device 100B, which is the relay device 100 to which
the in-vehicle ECU 111E is not connected, may perform the
acquisition of the authentication result and the setting
process.
[0171] A device other than the relay device 100 in the in-vehicle
network 12 may perform, as the setting device, the acquisition of
the authentication result and the setting process. For example, a
device not positioned on the communication path between a new
function unit and a target function unit in the in-vehicle network
12 may perform, as the setting device, the acquisition of the
authentication result and the setting process.
[0172] A device outside the vehicle, e.g., the server 200, may
perform, as the setting device, the acquisition of the
authentication result and the setting process. In this case, the
server 200 performs communication with a TCU in the in-vehicle
network 12, thereby performing acquisition of connection request
information transmitted from the in-vehicle ECU 111E, which is
information capable of specifying the target function unit, the
acquisition of the authentication result, the setting process, and
the like.
[0173] In the communication system 300 according to the embodiment
of the present disclosure, the in-vehicle ECU 111E serving as the
new function unit transmits, to the relay device 100A, connection
request information including the MAC address of the in-vehicle ECU
111C, as the information capable of specifying the in-vehicle ECU
111C serving as the target function unit. However, the present
disclosure is not limited thereto. As the information capable of
specifying the in-vehicle ECU 111C, the in-vehicle ECU 111E may
transmit, to the relay device 100A, another type of information
such as the IP address of the in-vehicle ECU 111C.
[0174] In the relay device 100A according to the embodiment of the
present disclosure, the authentication result acquisition unit 130
acquires the authentication result regarding the in-vehicle ECU
111E from the authentication unit 140 in the relay device 100A.
However, the present disclosure is not limited thereto. The
authentication result acquisition unit 130 may acquire the
authentication result regarding the in-vehicle ECU 111E from a
device other than the relay device 100A.
[0175] In the relay device 100A according to the embodiment of the
present disclosure, the detection unit 120 detects an in-vehicle
ECU 111 serving as a new function unit that is newly added to the
in-vehicle network 12. However, the present disclosure is not
limited thereto. The detection unit 120 may detect, as a new
function unit, an application installed in an existing in-vehicle
ECU 111 in the in-vehicle network 12. That is, the new function
unit may be hardware or may be software.
[0176] In the relay device 100A according to the embodiment of the
present disclosure, the setting unit 150 generates setting
information of a new network on the basis of the setting
information of the existing network in the storage unit 160.
However, the present disclosure is not limited thereto. The setting
unit 150 may transmit to, each function unit in the in-vehicle
network 12, an information request notification for requesting
transmission of information indicating the setting content of the
function unit, and on the basis of the setting content received
from each function unit as a response to the information request
notification, the setting unit 150 may generate setting information
of the new network.
[0177] In the relay device 100A according to the embodiment of the
present disclosure, the setting unit 150 transmits, to each
function unit in the in-vehicle network 12, setting information by
using the VLAN 50 for allowing the setting information to be
communicated between the function units. However, the present
disclosure is not limited thereto. The setting unit 150 may
transmit the setting information to a transmission destination
function unit by using a VLAN for allowing communication to be
performed between some function units in the in-vehicle network
12.
[0178] Further, for example, the relay devices 100A, 100B may
communicate setting information and the like by using a network
setting API (Application Programming Interface) used in a consumer
product.
[0179] In the relay device 100A according to the embodiment of the
present disclosure, the setting unit 150 specifies a function unit
for which setting change in the new network is necessary, and
transmits the setting information after update to the specified
function unit and the in-vehicle ECU 111E. However, the present
disclosure is not limited thereto. The setting unit 150 may
generate, for each of the specified function unit and the
in-vehicle ECU 111E, setting change information indicating the
content of setting change for each function unit, and transmit, to
the specified function unit and the in-vehicle ECU 111E, the
corresponding setting change information.
[0180] [Problem]
[0181] For example, if a high-performance sensor that transmits a
measurement result to an automated driving ECU, which is an example
of the in-vehicle ECU 111, is added to the existing in-vehicle
network 12 including the automated driving ECU, the control
function of the automated driving ECU in automated driving can be
improved.
[0182] Thus, there is a demand for a technology that customizes the
in-vehicle network 12 by newly adding an in-vehicle ECU 111 to the
existing in-vehicle network 12.
[0183] However, in a state where an in-vehicle ECU 111 is newly
added to the in-vehicle network 12, that the in-vehicle ECU 111 and
the target function unit perform communication by using an existing
virtual network in the new in-vehicle network 12 is not preferable
in terms of security of the in-vehicle network 12 in some
cases.
[0184] Specific description is given below. In the following, a
case where the in-vehicle ECU 111E serving as a new function unit
is added to the in-vehicle network 12 as shown in FIG. 4 and the
target function unit indicated by connection request information
transmitted from the in-vehicle ECU 111E is the in-vehicle ECU
111C, is assumed.
[0185] For example, when the relay device 100A has received the
connection request information from the in-vehicle ECU 111E and has
constructed a new network as shown in FIG. 7, the in-vehicle ECU
111E becomes able to perform communication not only with the
in-vehicle ECU 111C serving as the target function unit but also
with the in-vehicle ECU 111A with which, originally, the in-vehicle
ECU 111E need not perform communication.
[0186] For example, when the in-vehicle ECU 111E is an unauthorized
ECU, there is a risk that not only the in-vehicle ECU 111C but also
the in-vehicle ECU 111A is subjected to an unauthorized access.
[0187] Therefore, in order to avoid a situation where the
in-vehicle ECU 111A is subjected to an unauthorized access,
construction of a new network, e.g., a new network as shown in FIG.
5, in which only communication with the in-vehicle ECU 111C serving
as the target function unit is permitted to the in-vehicle ECU
111E, is conceivable.
[0188] However, when the new network as shown in FIG. 5 is
constructed, the authentication process regarding the in-vehicle
ECU 111E and change of the network configuration need to be
performed in each relay device 100, i.e., the relay devices 100A,
100B, present on the communication path between the in-vehicle ECU
111E and the in-vehicle ECU 111C.
[0189] Therefore, it takes time from when the in-vehicle ECU 111E
is added to the in-vehicle network 12 until when communication
between the in-vehicle ECU 111E and the in-vehicle ECU 111C is
enabled.
[0190] Further, all of the relay devices 100 that are present on
the communication path between the in-vehicle ECU 111E and the
in-vehicle ECU 111C need to be provided with an authentication
function for authenticating the in-vehicle ECU 111E to be newly
added. This increases the cost required in development of hardware
and software.
[0191] In contrast to this, in the relay device 100A according to
the embodiment of the present disclosure, the authentication result
acquisition unit 130 acquires an authentication result regarding a
new function unit serving as a function unit newly added to the
in-vehicle network 12 including one or a plurality of function
units. When the authentication result acquired by the
authentication result acquisition unit 130 is affirmative, the
setting unit 150 can perform a setting process for allowing the new
function unit and an existing function unit serving as a function
unit included in the in-vehicle network 12 before the new function
unit is added thereto, to perform communication via a plurality of
relay devices 100A, 100B capable of relaying information between
the function units, the setting process being regarding at least
one of the relay devices, the existing function unit, and the new
function unit.
[0192] As described above, when the authentication result regarding
the new function unit is affirmative, the relay device 100A
performs the setting process for allowing the existing function
unit and the new function unit to perform communication via the
plurality of relay devices 100A, 100B, the setting process being
regarding at least one of the relay devices 100A, 100B, the
existing function unit, and the new function unit. Due to this
configuration, for example, when a network for allowing the
existing function unit and the new function unit to perform
communication via the plurality of relay devices 100A, 100B is to
be constructed, the authentication process and the like regarding
the new function unit by the relay device 100B, which is a part of
devices in the in-vehicle network 12, can be omitted.
[0193] Therefore, in the relay device 100A according to the
embodiment of the present disclosure, a network having a new
configuration can be flexibly constructed through a simple process
while ensuring security in the network.
[0194] In the relay device 100A according to the embodiment of the
present disclosure, the storage unit 160 stores setting information
for allowing each function unit in the in-vehicle network 12 to
perform communication. The setting unit 150 performs the setting
process on the basis of the setting information in the storage unit
160.
[0195] Due to this configuration, when a new in-vehicle network 12
including a new function unit is to be constructed while the
storage unit 160 retains the setting information of the in-vehicle
network 12 whose network configuration is basically fixed, setting
information of the new in-vehicle network 12 is generated by using
the setting information of the existing in-vehicle network 12
acquired from the storage unit 160. Therefore, the construction
process of the new in-vehicle network 12 can be simplified.
[0196] In the relay device 100A according to the embodiment of the
present disclosure, the setting unit 150 performs the setting
process by using a virtual network for transmitting, to each
function unit in the in-vehicle network 12, setting information for
allowing the function unit to perform communication.
[0197] Due to this configuration, the setting information can be
transmitted to each function unit in the in-vehicle network 12 from
the relay device 100A by using the virtual network. Therefore, the
setting process regarding each function unit can be simplified.
[0198] In the relay device 100A according to the embodiment of the
present disclosure, the setting unit 150 performs, as the setting
process, a process of constructing a new virtual network for
allowing a new function unit and one or a plurality of the existing
function units serving as the communication target of the new
function unit to perform communication.
[0199] Due to this configuration, it is possible to suppress
adverse influence, such as an unauthorized access, that is
associated with addition of a new function unit to the in-vehicle
network 12, on an existing function unit that is not the
communication target of the new function unit.
[0200] In the relay device 100A according to the embodiment of the
present disclosure, when an existing virtual network as a virtual
network for allowing one or a plurality of existing function units
serving as the communication target of the new function unit only,
to perform communication has been constructed, the setting unit 150
performs, as the setting process, a setting process regarding the
new function unit and the relay device 100A and for allowing the
new function unit and the one or the plurality of existing function
units serving as the communication target to perform communication
by using the existing virtual network.
[0201] Due to this configuration, since the setting process
regarding the addition of the new function unit to the existing
virtual network is performed, the construction process of a new
network for allowing only the new function unit and the existing
function unit serving as the communication target to perform
communication is not necessary.
[0202] The communication system 300 according to the embodiment of
the present disclosure includes the relay device 100A, and a new
function unit serving as a function unit newly added to the
in-vehicle network 12 including one or a plurality of function
units. The relay device 100A acquires information transmitted from
the new function unit and capable of specifying a function unit
serving as the communication target of the new function unit. The
relay device 100A acquires an authentication result regarding the
new function unit. When the acquired authentication result is
affirmative, the relay device 100A transmits, to the new function
unit, setting information for allowing the function unit serving as
the communication target and the new function unit to perform
communication via a plurality of relay devices 100A, 100B capable
of relaying information between the function units. The new
function unit performs setting for the new function unit on the
basis of the setting information received from the relay device
100A.
[0203] As described above, when the authentication result regarding
the new function unit is affirmative, the relay device 100A
transmits, to the new function unit, setting information for
allowing the existing function unit serving as the communication
target and the new function unit to perform communication via the
plurality of relay devices 100A, 100B. Due to this configuration,
for example, when a network for allowing the existing function unit
and the new function unit to perform communication via the
plurality of relay devices 100A, 100B is to be constructed, the
authentication process and the like regarding the new function unit
by the relay device 100B, which is a part of devices in the
in-vehicle network 12, can be omitted.
[0204] Therefore, in the communication system 300 according to the
embodiment of the present disclosure, a network having a new
configuration can be flexibly constructed through a simple process
while ensuring security in the network.
[0205] A vehicle communication management method according to the
embodiment of the present disclosure is a vehicle communication
management method to be performed in the relay device 100A. In this
vehicle communication management method, first, the relay device
100A acquires an authentication result regarding a new function
unit serving as a function unit newly added to the in-vehicle
network 12 including one or a plurality of function units. Next,
when the acquired authentication result is affirmative, the relay
device 100A performs a setting process for allowing the new
function unit and an existing function unit serving as a function
unit included in the in-vehicle network 12 before the new function
unit is added thereto, to perform communication via a plurality of
relay devices 100A, 100B capable of relaying information between
the function units, the setting process being regarding at least
one of the relay devices 100A, 100B, the existing function unit,
and the new function unit.
[0206] As described above, when the authentication result regarding
the new function unit is affirmative, the relay device 100A
performs the setting process for allowing the existing function
unit and the new function unit to perform communication via the
plurality of the relay devices 100A, 100B, the setting process
being regarding at least one of the relay devices 100A, 100B, the
existing function unit, and the new function unit. Due to this
method, for example, when a network for allowing the existing
function unit and the new function unit to perform communication
via the plurality of relay devices 100A, 100B is to be constructed,
the authentication process and the like regarding the new function
unit by the relay device 100B, which is a part of devices in the
in-vehicle network 12, can be omitted.
[0207] Therefore, in the vehicle communication management method
according to the embodiment of the present disclosure, a network
having a new configuration can be flexibly constructed through a
simple process while ensuring security in the network.
[0208] A vehicle communication management method according to the
embodiment of the present disclosure is a vehicle communication
management method to be performed in the communication system 300
including the relay device 100A and a new function unit serving as
a function unit newly added to the in-vehicle network 12 including
one or a plurality of function units. In this vehicle communication
management method, first, the relay device 100A acquires
information transmitted from the new function unit and capable of
specifying a function unit serving as a communication target of the
new function unit. Next, the relay device 100A acquires an
authentication result regarding the new function unit. Next, when
the acquired authentication result is affirmative, the relay device
100A transmits, to the new function unit, setting information for
allowing the function unit serving as the communication target and
the new function unit to perform communication via a plurality of
relay devices 100A, 100B capable of relaying information between
the function units. Next, the new function unit performs setting
for the new function unit on the basis of the setting information
received from the relay device 100A.
[0209] As described above, when the authentication result regarding
the new function unit is affirmative, the relay device 100A
transmits, to the new function unit, setting information for
allowing the existing function unit serving as the communication
target and the new function unit to perform communication via the
plurality of relay devices 100A, 100B. Due to this method, for
example, when a network for allowing the existing function unit and
the new function unit to perform communication via the plurality of
relay devices 100A, 100B is to be constructed, the authentication
process and the like regarding the new function unit by the relay
device 100B, which is a part of devices of the in-vehicle network
12, can be omitted.
[0210] Therefore, in the vehicle communication management method
according to the embodiment of the present disclosure, a network
having a new configuration can be flexibly constructed through a
simple process while ensuring security in the network.
[0211] The above embodiment is merely illustrative in all aspects
and should not be recognized as being restrictive. The scope of the
present disclosure is defined by the scope of the claims rather
than by the description above, and is intended to include meaning
equivalent to the scope of the claims and all modifications within
the scope.
[0212] The above description includes the features in the
additional notes below.
[0213] [Additional Note 1]
[0214] A relay device capable of relaying information between
function units in an in-vehicle network including one or a
plurality of function units, the relay device comprising:
[0215] a detection unit configured to detect a new function unit
serving as a function unit newly added to the in-vehicle
network;
[0216] an acquisition unit configured to acquire an authentication
result regarding the new function unit detected by the detection
unit; and
[0217] a setting unit configured to, when the authentication result
acquired by the acquisition unit is affirmative, perform a setting
process for allowing the new function unit and an existing function
unit serving as a function unit included in the in-vehicle network
before the new function unit is added thereto, to perform
communication via a plurality of relay devices capable of relaying
information between the function units, the setting process being
regarding at least one of the relay devices, the existing function
unit, and the new function unit.
[0218] [Additional Note 2]
[0219] A setting device comprising:
[0220] an acquisition unit configured to acquire an authentication
result regarding a new function unit serving as a function unit
newly added to an in-vehicle network including one or a plurality
of function units; and
[0221] a setting unit configured to, when the authentication result
acquired by the acquisition unit is affirmative, perform a setting
process for allowing the new function unit and an existing function
unit serving as a function unit included in the in-vehicle network
before the new function unit is added thereto, to perform
communication via a plurality of relay devices capable of relaying
information between the function units, the setting process being
regarding at least one of the relay devices, the existing function
unit, and the new function unit, wherein
[0222] the acquisition unit and the setting unit are each realized
by a processor.
[0223] [Additional Note 3]
[0224] An in-vehicle communication system comprising:
[0225] a first relay device capable of relaying information between
function units in an in-vehicle network including a plurality of
function units, and a second relay device connected to the first
relay device; and
[0226] a new function unit serving as a function unit newly added
to the in-vehicle network, wherein
[0227] the new function unit transmits, to the first relay device,
information capable of specifying a function unit serving as a
communication target of the new function unit,
[0228] the first relay device detects addition of the new function
unit to the in-vehicle network,
[0229] the first relay device acquires an authentication result
regarding the detected new function unit,
[0230] when the acquired authentication result is affirmative, the
first relay device transmits, to the new function unit, setting
information for allowing the function unit serving as the
communication target and the new function unit to perform
communication via the first relay device and the second relay
device, and
[0231] the new function unit performs setting for the new function
unit on the basis of the setting information received from the
first relay device.
[0232] [Additional Note 4]
[0233] An in-vehicle communication system comprising:
[0234] a setting device; and
[0235] a new function unit serving as a function unit newly added
to an in-vehicle network including one or a plurality of function
units, wherein
[0236] the setting device acquires information transmitted from the
new function unit and capable of specifying a function unit serving
as a communication target of the new function unit,
[0237] the setting device acquires an authentication result
regarding the new function unit,
[0238] when the acquired authentication result is affirmative, the
setting device transmits, to the new function unit, setting
information for allowing the function unit serving as the
communication target and the new function unit to perform
communication via a plurality of relay devices capable of relaying
information between the function units,
[0239] the new function unit performs setting for the new function
unit on the basis of the setting information received from the
setting device, and
[0240] the function unit is an ECU.
REFERENCE SIGNS LIST
[0241] 1, 2, 3, 4 communication port [0242] 11 Ethernet cable
[0243] 12 in-vehicle network [0244] 100 relay device [0245] 110
relay processing unit [0246] 111 in-vehicle ECU [0247] 120
detection unit [0248] 130 authentication result acquisition unit
[0249] 140 authentication unit [0250] 150 setting unit [0251] 160
storage unit [0252] 200 server [0253] 300 communication system
* * * * *